Download and Launch Fortigate Virtual Machine in VMWare WorkStation

This post is to summarize the steps to download and install Fortigate Firewall VM into your VMware workstation for your lab testing.

Fortinet Firewall Fortigate-30D Basic Configuration and NAT Set up Steps

Diagram

Download VM

Support site: https://support.fortinet.com/download/firmwareimages.aspx

You will need to create your own account for Fortinet website to continue downloading VM images.

Please download VM start with FGT and not start with FOS. FOS-VMs are meant to work only in closed environments without Internet access. FOS-VMs license validation process is exclusively taken care of by the FortiMeter module of FortiManager, not by FortiGuard. Upon instantiation, a FOS-VM is provided with a permanent Serial Number. The FOS-VM license status is “Valid”, and is set with a “FortiMeter grace period” value of 1 hour. (From: FOS-VM License management, validation, and troubleshooting)

Launch VM into VMWare Workstation

Unzip download zip file: e.g. FGT_VM64-v7.0.3-build0237-FORTINET.out.ovf.zip

You will get 2 VMDK disk files and 6 different OVF files. To import it into your VMWare Workstation, just double click one of ovf file then the import wizard will show up.

Component	Description
fortios.vmdk	FortiGate-VM system hard disk in VMDK format.
datadrive.vmdk	FortiGate-VM log disk in VMDK format.
Open Virtualization Format (OVF) template files
FortiGate-VM64.ovf	OVF template based on Intel e1000 NIC driver.
FortiGate-VM64.hw04.ovf	OVF template file for older (v3.5) VMware ESX server. This file will be deprecated in future releases.
FortiGate-VMxx.hw07_vmxnet2.ovf	OVF template file for VMware vmxnet2 driver.
FortiGate-VMxx.hw07_vmxnet3.ovf	OVF template file for VMware vmxnet3 driver.
FortiGate-VM64.hw13.ovf	OVF template file for VMware ESXi 6.5 and later versions.
FortiGate-VM64.hw14.ovf	OVF template file for VMware ESXi 6.7 and later versions.
FortiGate-VM64.vapp.ovf	OVF template file for VMware vSphere, vCenter, and vCloud.

From : VMware ESXi Administration Guide

Configuration Port 1 (Mgmt) Interface

After VM complete loaded, it might need to reboot it once then you will be prompted to login:
Default username : admin

Password: none

It will require you to change password right away after log in.

Initial Configuration for Port1 interface (Mgmt interface).

Using command "show system interface"

To check port 1 (dhcp) ip address, using following two commands:

config system interface
edit ?

Or use command

show system interface ?

Especially "edit ?", it will show all ip address of your Fortigate ports.

From command line, set por1 a static ip to connect from your browser:

(Note: Please make sure http enabled and static ip used. )

config system interface
edit port1
set mode static
set ip 192.168.2.18 255.255.255.0
append allowaccess http
end

Some commands to check interface and system status

Show system interface
Get system status

Web GUI Dashboard:

Optional : Set up default gateway for Internet traffic:

config router static
edit 1
set device port1
set gateway 192.168.2.1
end

Config Fortigate WAN, LAN & DMZ Interfaces

WAN

LAN and DMZ

Configure Firewall Rule

Basic rule is from LAN to WAN for Internet traffic.

VPN

A VPN connection establishes a secure connection between you and the internet. Via the VPN, all your data traffic is routed through an encrypted virtual tunnel. This disguises your IP address when you use the internet, making its location invisible to everyone. A VPN connection is also secure against external attacks. We believe every human has a right to privacy and that online privacy is becoming more and more important as society moves further into the digital age. Before choose your VPN solution, you will need to do a comprehensive, in-depth comparison or using some online website to help you out, such as VPN Check.